CVE-2025-61662 — HIGH (7.8)

Q: How severe is CVE-2025-61662?

CVE-2025-61662 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-61662?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Grub2.

Vulnerability Description

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnu	Grub2	<= 2.14

Related Weaknesses (CWE)

CWE-416

References

FAQ

What is CVE-2025-61662?

CVE-2025-61662 is a vulnerability with a CVSS score of 7.8 (HIGH). A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloade...

How severe is CVE-2025-61662?

CVE-2025-61662 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-61662?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Grub2.